Vulnerabilities > Zephyrproject > Zephyr > 2.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-05 | CVE-2020-10070 | Classic Buffer Overflow vulnerability in Zephyrproject Zephyr In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. | 7.5 |
| 2020-06-05 | CVE-2020-10063 | Integer Overflow or Wraparound vulnerability in Zephyrproject Zephyr A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. | 5.0 |
| 2020-06-05 | CVE-2020-10062 | Off-by-one Error vulnerability in Zephyrproject Zephyr An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. | 7.5 |
| 2020-06-05 | CVE-2020-10061 | Out-of-bounds Write vulnerability in Zephyrproject Zephyr Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. | 5.8 |
| 2020-05-11 | CVE-2020-10060 | Access of Uninitialized Pointer vulnerability in Zephyrproject Zephyr 2.1.0/2.2.0/2.3.0 In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. | 5.5 |
| 2020-05-11 | CVE-2020-10059 | Improper Certificate Validation vulnerability in Zephyrproject Zephyr 2.1.0/2.2.0 The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. | 5.8 |
| 2020-05-11 | CVE-2020-10022 | Classic Buffer Overflow vulnerability in Zephyrproject Zephyr 2.1.0/2.2.0 A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. | 7.5 |